If encryption is enabled with encryption type CIPHER_TRUST_KMIP (where encryption keys are managed externally on Thales Group CipherTrust Data Security Platform), this command revokes or reinstates all encryption keys for an encryption group on an EKM. When running this command, you specify one tenant. Keys are revoked/reinstated for all tenants that share the same encryption group as the specified tenant. The encryption group to which each tenant belongs is identified by an identifier called the encryption CRN. You can display the encryption CRN per tenant with the tenant list command.
Usage
tenant alter-encryption-group-state --id ID [--revoke]|[--reinstate]
Required Parameters
| Specifies a tenant. |
Options
| Revokes all keys for the specified tenant's encryption group. When the keys are revoked, data encrypted with those keys is no longer accessible. |
| Reinstates revoked keys for the specified tenant's encryption group. |
Example
vcli: admin> tenant alter-encryption-group-state --id 4 --revoke